This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Vundo Trojan begins sending out ransomware

Share this article:

The Vundo Trojan has changed its output from scareware to ransomware.

 

Alex Lanstein from the FireEye Malware Intelligence Lab revealed that the authors of Vundo have been pushing a piece of malware that encrypts various personal file types such as pdf, doc and jpg on your system, and ‘coincidentally' push a program called FileFix Pro 2009 which would decrypt them for a fee.

 

Lanstein said: “Although we broke the encryption, it's a sobering realisation of the state of malware that it is now actively extorting users by holding their data ransom. Despite this version of FileFix being trivial to crack, it does not bode well for the future of internet malware.”

 

He explained that Vundo is a generic Trojan that is well known for pushing scareware popups for things such as XPAntiVirus and WinFixer. However in this case it was pushing a popup that ended up being a Trojan, which encrypted all the documents and rendered them unreadable on your system.

 

On the webpage for the ‘fix' at FileFixPro.com, download options are given which Lanstein revealed use server-side polymorphism (or perhaps a ton of binaries) to give a different executable every time it is downloaded. He said: “I assume this is to aggravate anti-virus detection, which appears to be working.”

 

He explained that a member of the FireEye team wrote a script to decrypt files, and in the coming days a tool will be released that can be downloaded that will decrypt all the affected files on your system.

 

 

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Researcher develops BadUSB code to compromise USB sticks - and their computer hosts

Researcher develops BadUSB code to compromise USB sticks ...

Karsten Nohl also reveals how an enhanced security approach can beat his USB architecture compromise.

Cybercrime threat landscape evolving rapidly

Cybercrime threat landscape evolving rapidly

New research claims to show that, whilst spam levels fell to a five-year low last month, the increasing complexity of cyber-criminal attacks shows no sign of easing, with increasing levels ...

Tor Project unearths attack that identifies users

Tor Project unearths attack that identifies users

Users of The Onion Router (TOR) network have been warned of an attack that could deanonymise them if they used the service from February to July this year.